"There are three different signals to consider in broadcasting the user’s preferences for tracking:
User says they accept tracking
User says they reject tracking
User hasn’t chosen anything
Firefox defaults to state 3: we don’t know what the user wants, so we’re not sending any signals to servers. This causes the presence of the signal to mean more — the signal being sent should be the user’s choice, not ours. Therefore, Firefox doesn’t broadcast anything until our user has told us what to send."
"At the moment there is not yet an agreed definition of how to respond to a DNT signal, and we know that a uniform, industry-wide response will be the best way to provide a consistent consumer experience across the Web.... Microsoft does not yet respond to the DNT signal, but we are actively working with other advertising industry leaders on what an implementation plan for DNT might look like, with a goal of announcing more details about our plans in the coming months."
Brilliant, guys. I'm really excited that you're fully embracing something you have no clue how it's actually going to work. Instead of giving yourself an out, why not just commit to an aggressive interpretation of "do not track" on the server side as well?
(to be fair, when you wait two years between browser releases, you do have to try to aim where the market is moving towards, rather than where it is)
Unlikely to happen, since all their revenue of more than hundred million dollars a year comes from Google, which stands to lose big if that feature is implemented.
Opera and Chrome stand to lose too, so that won't happen there. Bing's revenues(and MSN.com etc.) also stand to lose with it, but looks like MS is okay with it.
The only exception with no stake in all this is Apple, which has already implemented third party cookie blocking in iPhone Safari(and Google got some heat for circumventing it).
Edit: On further thought, Apple does get a cut from Google being the default search, but it's probably such a miniscule part of their revenues that they can easily forgo in the name of doing the right thing for their users.
This is a really bad idea. Most people don't change defaults -- the idea behind DNT is that the people who care about privacy can easily take steps to assure their own privacy. As long as businesses know that browsers sending the DNT header are sending it intentionally, there's a chance that websites will respect it.
With this change, DNT becomes meaningless. How can businesses determine which users are OK with being tracked, and which are not? Since it's technologically easier to simply track everyone, and it makes good business sense to gather as many metrics as possible, businesses will simply argue that they can't respect a header that most people don't know/care about (since it was on by default). That makes things worse for the people who do care about it.
First, everybody cares about privacy. Just because businesses have taken advantage of users being clueless, doesn't mean those clueless people don't care about privacy.
Second, your "nobody knows about it" argument can cut the other way. How can a business track people when most people don't know/care that they can opt out of being tracked?
Nobody wants to mention it, but the truth is that if it were on by default, few people would turn off DNT once they knew what it was for.
I don't like MS, and I don't even own a computer that can run IE10, but I think this is a great idea.
I spent several years working for a marketing firm and based on my experience with the industry I would guess that there will be no adoption of honoring these tags if they are sent by default unless it becomes legally mandated.
Well there's really nothing Microsoft can do about that, is there?
It seems silly for marketing firms to tell everybody, "Oh yeah, we're totally serious about privacy and we'll honor DNT," and then backtrack when lots of browsers start sending it.
Other than companies like Google most marketing companies couldn't give a shit about what you think of them as you aren't their customer. Additionally a lot of marketing companies would likely publicly get behind a DNT header when the recommendation is that browsers send "no preference set" by default. As soon as a browser vendor goes to default DNT the marketers support of the standard and honoring of it will go out the window as it's not in their interests to participate any longer.
The end result will be that Microsofts choice will result in everyone being tracked rather than only those people that have no preference set or have explicitly opted in.
A good example of companies not honoring a restrictive default is the P3P header. Damn near everyone sends a P3P header but most of them don't actually honor the settings from the header, or have the other components set up. It's all about getting third party cookies set successfully and not honoring how MS implemented P3P in IE or what the user wants.
If you say everybody cares about privacy you should back that up (unless you are using privacy in the general term and not for this specific example). I, for one, do not care about site tracking; in fact, I would gladly opt in to any such service if I see it fit. And I know a lot of people who also do not care about tracking.
Well, I guess we'll find out when people start complaining that the internet ads they see aren't as relevant as they used to be and Microsoft relents and turns DNT off.
Most people do not understand how all this works well enough to even know that they have something to complain about. They just want their Googles to work and show them interesting things. If the ads they see are less interesting, they aren't going to say, "Huh, I wonder if Microsoft started sending an HTTP header which falsely indicates that I prefer irrelevant ads." No, they'll just lump it in with all the other stuff that doesn't seem relevant to them and ignore it. Which of the parties involved in that situation wins? Not the browser implementor, not this particular user (who doesn't care), and not any of the advertisers who now have to waste money talking to people who are unlikely to be interested.
This is true, but it's also a very broad statement that does not entail that many people care about the Do Not Track header. Everybody has a different level of privacy that they care about. Most people care if you watch them in their bedrooms or bathrooms. Some people care if you know how much money they have. A smaller number of people care if you see their bare skin and thus wear burqas when they go out in public. An even smaller number of people care if ad networks compile a profile of things that are interesting to them.
The problem is that "Do Not Track" is supposed to indicate intent. If the browser vendor indicates intent in one direction when the user hasn't indicated intent in either direction, advertisers can no longer trust what the browser tells them. It's like the boy who cried wolf.
Seems like a terrible idea. I think the vast majority of online marketing companies are very willing to let people opt-out of tracking [1], but people who haven't expressed a preference? If DNT header becomes the default for browsers then I predict ignoring DNT will become the default for ad networks.
The header isn't called "tracking permission", it's "Do Not Track", an explicit negative. Genius move on MS part though. By making DNT too detrimental for advertisers to implement, they ensure no one will implement it, which means they will also be able to ignore it.
Indeed. I seriously think this is a sly attempt at crippling DNT and boosting ad revenues (also, remember: Microsoft owns a significant stake in Facebook, whose "Like" beacons would be adversely affected by legislation regulating DNT).
As a bonus, they get to look like a modern, privacy-conscious, I've-got-your-back company while they're at it. From a business perspective, it's really smart.
Disclaimer: Used to work for Microsoft, though nothing web-related.
I like the idea of privacy-by-default, but I can't help thinking they're announcing it prematurely for the PR. It may even undermine voluntary adoption of the tag, since it no longer represents an explicit request not to track.
They just released a new version of IE10 preview and it's expected to go gold in about 2 months, so they're giving time for websites to prepare before releasing it.
>It may even undermine voluntary adoption of the tag, since it no longer represents an explicit request not to track
I think this is sort of like how Apple disabled third party cookies in Safari on the iPhone by default and then Google was caught circumventing it. It could end up in a PR nightmare for advertizing companies if they don't follow DNT requests, whether opt-in or opt-out.
This seems like an unfortunate case of Microsoft looking to what will be the standard several years from now - a good thing for most web technology, given their slow browser development speed. However, due to the politics and industry regulation that is still being decided, this will actually sway the direction of DNT and make it useless (as many users have pointed out here). There are two fundamental things to keep in mind:
1) There will always be ads on the internet. We are not moving to a direct pay internet economy anytime soon.
2) Behavior targeting is significantly more effective than other types of targeting including the context based approach heavily favored by privacy advocates. (See http://idaconcpts.com/2011/04/13/behavioral-targeting-double...). Because of this, the advertising companies will find ways to keep doing behavior targetting - ranging from the benign like site retargetting to the more troubling association with private data.
DNT as an opt out solution is great because it allows people who probably won't click on ads to say they don't want them. Private users and advertising companies both win. But third party cookies exist for a reason and if they are removed from the equation then advertising companies will simply find another way.
If IE10 installer asked you this question:
Do you want websites to track you? () Yes () No
I think most people would say No. So, defaulting to No seems like the correct thing to do.
I don't know if that would really hurt Google or Facebook because if you have a google account, you are opted-in to have google or facebook track you.
It might hurt 'lurker' ad networks which track you without you even having any account or relationship with them.
And if waiters asked restaurant patrons if they wanted dihydrogen monoxide used in the cooking of their food, most people would say no. That doesn't mean we should stop cooking with water.
A huge amount of Google's advertising is based on anonymous (not linked to your Google account) profiles they build of people, which they can't do if DNT is set.
I'm not normally one for tinfoil-hat theories... but given that "online advertising" is basically synonymous with Google, how does this decision impact Google?
"If “Do Not Track” defaults to on, most users will have it on; if it defaults to off, most users will have it off. Defaulting to off is no more a representation of “the user’s voice” than defaulting to on is."
"There are three different signals to consider in broadcasting the user’s preferences for tracking:
Firefox defaults to state 3: we don’t know what the user wants, so we’re not sending any signals to servers. This causes the presence of the signal to mean more — the signal being sent should be the user’s choice, not ours. Therefore, Firefox doesn’t broadcast anything until our user has told us what to send."